Detection of malicious software, firmware, IP cores and circuitry via unintended emissions

Abstract

An apparatus for testing, inspecting or screening an electrically powered device for modified or unmodified hardware, firmware or software modifications including Malware, Trojans, adware, improper versioning, worms, or virus and the like, includes an antenna positioned at a distance from the electrically powered device and a signal receiver or sensor for examining a signal from the electrically powered device. The receiver or sensor collects unintended RF energy components emitted by the electrically powered device and includes one or more processors and executable instructions that perform analysis in a response to the acquired signal input while the electrically powered device is active or powered. The characteristics of the collected RF energy may be compared with RF energy characteristics of an unmodified device. The comparison determines one of a modified, unmodified or score of certainty of modified condition of the electrically powered device.

Description

CROSS REFERENCE TO RELATED APPLICATIONS[0001]This patent application is related to and claims priority from U.S. Provisional Patent Application Ser. No. 62 / 071,795 filed Oct. 3, 2014 and its disclosure is being incorporated into this document by reference thereto.[0002]This document incorporates by reference the disclosures and / or teachings of the following documents: U.S. Pat. No. 7,515,094 (“Advanced electromagnetic location of electronic equipment”); U.S. Pat. No. 8,063,813 entitled “Active improvised explosive device (IED) electronic signature detection”; U.S. Pat. No. 8,537,050 entitled “Identification and analysis of source emissions through harmonic phase comparison”; U.S. Pat. No. 8,643,539 entitled “Advance manufacturing monitoring and diagnostic tool”; U.S. Pat. No. 8,825,823 entitled “System and method for physically detecting, identifying, diagnosing and geolocating electronic devices connectable to a network”; US Pub 20100123453 entitled “ADVANCE MANUFACTURING MONITORIN...

AI Technical Summary

Benefits of technology

[0024]therein is provided an apparatus, system and method for screening and inspecting electronics for malicious changes in electrical and electronic based components, boards, devices, and systems. The apparatus includes a sensitive Unintended electromagnetic energy collection device, a controller with one or more processors processing algorithms or executable instructions to compare signature

Problems solved by technology

This typically requires system time and system resources to perform.

This again typically requires additional system processing time and resources.

The above methods do not address changes already placed in firmware or hardware circuitry.

Further, the above changes require an intrusive means, modifying system operation to accomplish their goal.

The above changes cannot be performed undetected and/or at a distance from a questionable device.

As for some examples, the conventional solutions cannot well detect deliberately concealed temporarily inactive malicious hardware or firmware modifications lurking in an infected system and waiting to be automatically invoked or unleashed when triggered by a condition, signal combination or status change.

The conventional solutions cannot be implemented in a separate, portable, unobtrusive, non-contact, and attachment-not-needed handheld device for inspection of suspected equipment.

The conventional solutions cannot function without modification of or addition to the aggregate digital signaling to or within, digital processing, or logical operations of the system under test.

The conventional solutions cannot acquire a baseline of operations, baseline characteristics, or baseline behavior, without a period of intrusive changes such as data acquisition periods and execution to the known-good system and cannot do this at a distance.

The conventional solutions cannot geolocate or locate an electronic device associated with a source of emissions indicating the presence of such undesired modifications or lack of modifications in software or firmware.

The conventional solutions cannot invoke state changes which selectively activate, modify or inhibit such malware software activity or malware software activity results from a distance by active Radio Frequency (RF) illumination.

The conventional solutions cannot determine if active RF illumination has succeeded in a desired malware mitigation state change from a distance.

Conventional test methodologies, to best knowledge of the Inventors, are incapable of unobtrusively detecting malicious malware in hardware components or software subsystems.

Malware is easily hidden and its detection is thus difficult or virtually impossible using current methods, and not facilitated by these specifications, and therefore are out of the reach of currently employed assessment methods.

Further complicating matters, third party software vendors often withhold critical information due to intellectual property concerns, making independent verification impossible using standard test methods.

System on a Chip (SOC) produced by major device manufacturers such as Intel, Qualcomm, Nvidia, Texas Instruments, Samsung, and others are vulnerable to hardware Trojans as they integrate multiple IP core components from third party vendors.

Malicious circuitry in the form of Hardware Trojans in any IP core can compromise the operability and security of the entire system, removing or altering core functionality or leaking sensitive information.

The vulnerability associated with this process poses an immense threat.

Conventional test methodologies are incapable of detecting malicious circuitry in VLSI/FPGA components.

Unit t

Images